[PODCAST] Jack Barsky illustrates how to prevent the unwinnable cyber war at InfoSec Nashville

When Jack Barsky talks information security, it would be an understatement to say that he knows what he’s talking about.

The “doubly-retired” former KGB agent and retired information security specialist will be delivering a keynote presentation at the upcoming InfoSec Nashville conference on September 19, 2017, where he plans to share his experiences with the three critical issues facing the information security industry today.

The first of these problems is something that Barsky says can escalate much more quickly than people expect: senior management teams that discount or don’t understand the importance of infosec threats.

“I truly sympathize with folks who work in the trenches, who very often are not known to even be doing work because it’s only when something breaks that people point fingers saying, ‘What did you do about security?’” Barsky said. “But when everything is smooth and people are successful at fighting viruses and setting up firewalls and all that, nobody pays attention. It’s not sexy to the corporation; it’s not sexy to people who are just users of IT.”

Senior management teams are far from alone in this lack of awareness, however, Barsky notes in his second point. Despite information security’s recent exposure as a hot political topic, the public at large does not seem to be well-educated about the dangers we face even in our day-to-day lives.

Referencing last year’s presidential election, Barsky says, “I thought this might be a good time to raise public awareness about these issues, and I think we just blew a great opportunity to do so. Based on what I know, what I see, and what I’ve observed for a long time is there’s a tremendous lack of awareness amongst the American public, all of whom are nowadays users of technology, about the dangers lurking in cyberspace.”

While so much of the awareness that does exist focuses on dangers outside of the country, insider threats – social engineering, falsified backgrounds and stolen identities – are just as present, though often ignored, Barsky said about his third concern.

“If there’s a World War III that’s fought with nuclear weapons, nobody’s going to win. And I believe that if there’s a serious cyberwar that happens, I’m not sure anybody could win that one either,” he said.

Though the solutions to some of these problems are difficult, Barsky said, they are luckily not impossible. The first involves filling the gaps in awareness that seem to permeate society.

“We need to, as an information security community, find ways to band together and make this a priority, educating the American public, because this thing, this cyberwar – as most of the attendees know – is dangerous as hell,” he said.

And the second means reinforcing to senior management that information security is worth the time, money and interest, even if it might not seem so glamorous. This often requires a change in attitude.

“Communication is a two-way street. You’ve got to have somebody who can actually convey the message and somebody else who is willing to listen. And if your partner does not listen, then unfortunately, you can do all the communicating you can muster and it’s not getting anywhere,” Barsky said.

Once those conversations have been had, it’s up to the company, Barsky said, to rise to the challenge, going above and beyond industry or legislative standards to make certain that information security is being maintained.

“The government cannot issue rules that apply to a wide set of organizations and enterprises and believe that they’ve got every threat covered. It’s impossible,” he said. “If you just check the boxes, that’s good and well, but you’ve got to do more to deal with the specific issues that you know you have. And that takes some courage.”

Jack Barsky will be giving a keynote address at InfoSec Nashville on September 19, 2017, at the Music City Center. Register now to attend the conference.


[PODCAST] Nir Zuk confronts gaps in the cyber security industry at InfoSec Nashville

For Nir Zuk, founder and CTO of Palo Alto Networks, building the future of information security is part of the day-to-day.

Zuk will be delivering a keynote presentation at the upcoming InfoSec Nashville conference on September 19, 2017, where he plans to delve into the financial side of information security and how the industry can strengthen the defense against cyber attacks.

The 1990s and early 2000s saw large investments in information security, stopping 90 percent of the attacks that occurred at the time, Zuk said. This was followed by a period of even greater investment in the mid-2000s, during which tens of billions of dollars stopped around 10 percent more cyber security issues.

Today, only about 1 percent of those cyber attacks pose a major threat to companies, but it’s unlikely that this last percent will be eliminated, Zuk said.

“What do we do to jump from 99 percent to 99.9 percent elimination of successful attacks? Are we going to invest 10 times more again, meaning are we going to invest hundreds of billions of dollars into a market that is $40 billion a year? Is it even feasible, or should we do something fundamentally different? I think the obvious answer is that we can’t do that,” he said. “We cannot go to that level of investment, and it’s clear that – without that level of investment – we’re not going to move much further than where we are today.”

While investing enough money to bridge the gap may not be feasible, there are other things that the information security industry can do to prevent major cyber attacks.

For instance, because many attacks are financially driven, increasing the number of attacks a hacker must stage to break through a company’s security also increases the cost to the orchestrator.

“In those cases, it’s not about stopping 100 percent of attacks, which is probably not something we’re going to get to. But it’s about making that attack much more expensive than what you can get out of the attack,” Zuk said.

In addition to directly confronting attacks, Zuk said that finding people to fill open positions in the information security industry could also benefit companies looking to improve their defenses.

“Right now in the U.S. there are over 250,000 open positions for infosec professionals. And it’s just getting worse and worse and worse,” he said. “What do we do? I can come up with the best technology ever, but if my customers don’t have anybody who can use it, then there’s no way for me to protect them.”

While more extensive education about information security would be a partial solution to this problem, Zuk said that what’s really needed is a change in the industry – especially a shift to focus more on technology.

“Given that attacks are automated, it’s not about how many people we have versus how many people they have. It’s how many people are required to deal with our infosec processes versus the capability of the bad guys to utilize automation and keep our infosec teams busy,” he said. “Of course, this is a war you’re not going to win. As long as we’re fighting machines with people, we’re not going to win.”

As a founder of one of the critical companies in cyber security, Zuk is helping lead the industry toward this automation, which he said he is optimistic to see develop over time.

“I think that we’ve been picking the low-hanging fruit for the last 25 years. Yes, we’ve been going higher and higher in the tree, but we’re still very low. And now we have to start getting to points where we use way more technology and way more specialized technology and different attacks require different sets of technology,” he said.

Nir Zuk will be giving a keynote address at InfoSec Nashville on September 19, 2017, at the Music City Center. Register now to attend the conference.


[PODCAST] InfoSec Nashville 2016 Highlights Industry’s Latest Trends, Ideas

Security leaders, software developers and hackers gathered at the Nashville InfoSec 2016 conference to trade tips and learn about the latest trends in a rapidly evolving industry. Organized by the Middle Tennessee Chapter of the Information Systems Security Association, the annual conference served as a marketplace of ideas for innovators on the cutting edge of data security to share their thoughts with consumers and other companies.

Hear from some of the most influential participants in the industry as they share their thoughts on the latest trends and takeaways from the conference.

This year’s podcast is brought to you by Netskope, the leading cloud access security broker. Netskope gives IT the ability to find, understand, and secure cloud apps. Only Netskope empowers organizations to direct usage, protect sensitive data, and ensure compliance in real-time, on any device, for any cloud app so the business can move fast, with confidence.

Jay Bivens, Senior System Engineer at Netskope, discusses how companies can best protect customer data as more software is moved into cloud systems. With fundamental changes happening in how companies manage data, Netskope is trying to protect cloud data in a responsible and efficient manner.

Brian Moyer, new President and CEO of the Nashville Technology Council, discusses how healthcare companies can protect patient data. Moyer wants to continue to make Nashville a healthcare information technology innovator, setting the pace for the rest of the industry. He also shares his thoughts on what makes Nashville such a successful technology hub.

Kyle Bubp, Security Practice Lead at Veristor, gets inside the minds of hackers and reminds everyone that no individual is free from the dangers of data crime. Comparing black, white and gray hackers, Bubp blurs the line between research and harm when trying to find the best way to protect your data.

Eric Brown, Asst Director of CEROC at Tennessee Tech, works as part of a team to educate students of all ages from kindergarten through the professional world on the ever-changing environment of cyber security. CEROC and founder Dr. Ambareen Siraj’s next big event is the Women in Cyber Security conference in Tucson, Arizona, on March 31-April 1, 2017.

Marci McCarthy, CEO and President of T.E.N., delivers the largest breakout session of the conference to discuss coming challenges for security officers in information technology. She details the rise of information security, the influence of blockbuster hacks like the DNC and what a conference of black hat hackers does to a hotel.

Ty Tyra, Information Security Engineer at LBMC Information Security, sees companies dropping their vigilance in preventing cyber attacks. With so many different breaches of large corporations, instead of ramping up security concerns, the general public is now desensitized to attacks. Tyra reminds everyone that diligence is their best defense.

John Beauchamp, Senior Manager of Risk Management at LifePoint Health, prepares his company for cyber attacks by running individuals through simulations to see how they react. The industry changes every day, and the best security experts learn from others in the industry.

Winn Schwartau, Founder and CEO of The Security Awareness Company, is not very impressed with the current state of cyber security. He puts the fun back into security awareness by taking an entertainment-based approach to his messaging. Attention spans are shrinking, and marketing strategies need to adjust.

The InfoSec Nashville 2016 podcast is sponsored by Netskope and is a production of Relationary Marketing, produced by Chuck Bryant and host Clark Buckner, edited and mixed by Jess Grommet, with production assistance from Kirk Bado.


[PODCAST] Ryan Olson Demystifies the Pragmatic Adversary at InfoSec Nashville

Palo Alto Networks Threat Intelligence Director Ryan Olson wants to take the fear out of Advanced Persistent Threats (APT) in network security.

“Small and medium businesses throw their hands up (when they hear APT) and think of this attacker as too advanced and too dangerous to defend against,” he said.

But that’s not always the case. Olson will be a keynote speaker at the 16th annual InfoSec Nashville conference on September 20, 2016, at the Music City Center. His presentation will center around his theory of the Pragmatic Adversary, his take on APT, which states that there is not some big complex machine persistently attempting to break into your network; it’s a living, breathing human.

“All of these attacks are launched by people – human beings with wives and kids and dogs and jobs. But more importantly, they have a boss who told them they need to go and accomplish this task,” he said.

Olson leads Unit 42, the intelligence team at Palo Alto Networks. In a nod to the big question at the heart of the novel Hitchhiker’s Guide to the Galaxy, Olson’s security team is named after the answer to the question of life, the universe and everything because security is at the heart of everything the company does.

At Palo Alto, Olson works with the notion that there is not a whole lot firms can do to prevent attacks from happening, but they can prevent the attacker from being successful.

“As defenders, we are constantly getting better networks to defend against attackers.”

Taking a multifaceted approach to network security is the only realistic way networks can prevent successful attacks. Using a system of malware prevention and information sharing, Olson called this the next generation firewall.

“It’s a prevention first posture for their network, not trying to detect and respond to attacks, but stop them from being successful in the first place.”

Ryan Olson will be giving a keynote address at InfoSec Nashville on Sept. 20, 2016, at the Music City Center. Tickets can be purchased here.